Info from Back: "The seminal book on white-hat hacking and countermeasures... Should be required reading for anyone with a server or network to secure - Bill Machrone"

Introduction

For those not familiar with the Hacking Exposed series of books, they are not for the networking/security newcomer and delve into the depths of reality hacking, tools and techniques that are actually used in the field.

They show what is used, how to use it and how to effectively protect against it.

These books are a must for any penetration tester, security admin or general network/system admin that has to deal with security.

Until you really know what is out there and understand it, you can't hope to defend against it.

The guts of the books stay the same, operating systems, networking, switches/routers etc with the addition of a Wireless section and and expansion of other sections that have become more relevant.

The book is written in a fairly casual style which suites the subject matter. It is detailed and dives right into it, I would recommend at least a passing knowledge of TCP/IP, networking and general security before attempting to read this as it is fairly in depth. Even though things are explained well and in simple terms, if it's a totally new area to you, you will get lost.

If you are acquainted with the above things then this is a must have book, it will open your eyes to many things that you probably didn't even know went on or were possible.

This books covers the reality of security on the Internet, the tools and techniques that are really used in the intrusions that happen every day.

There are a variety of real life case studies through out the book outlining real situations and applications.

Every exploit or vulnerability has a small box which shows:

Popularity

Simplicity

Impact

Risk Rating

This would be very useful for people unfamiliar with what goes on in the wild outback of the Internet.

Countermeasures are explained well with enough detail to practically apply them.

The book comes with a DVD-ROM containing key security tools ready to install on your computer, links to the security tools covered in the book, a password database and security presentation video.

Conclusion

Overall an excellent book, well written, easy to understand (if you have a technical background) and packed full of information.

It's not hugely different from the 3rd edition, but I'd say if you have the 1st edition and possibly the 2nd it's worth a look as a lot of things have changed.

It's gets an SFDC 8/10 from me, recommended.

Security Forums Discount

The publishers Mcgraw Hill have kindly setup a discount section for Security Forums' users. Discounts can be up to 30% off the RRP and postage is free on all orders over £20 in the UK & Central Europe.

Last edited by ShaolinTiger on Thu Apr 08, 2004 10:54 am; edited 9 times in total

Author: flw, Location: U.S.A.Posted: Wed Jun 25, 2003 12:21 amPost subject: ----I've read the second edtion some time ago and finished the fourth about a month ago. I would agree with ST on all his points. If you have the third edition you can hold off. If you have the first or second take a look at your local book store for yourself.

This is a learning and a reference book in one. As mentioned you'll need a working knowledge of tcp/ip and networking in general to get the wealth of knowledge that is provided.

The only down side that I saw is that the wireless standard 801.11g draft was out prior to printing. So I felt they could have at least commented on the draft version. The same for 802.11i draft standard. I felt this was important because wireless will only grow and so will the crowd to hack it.

Author: alt.don, Posted: Wed Jun 25, 2003 12:49 amPost subject: ----On the strength of your review alone I will purchase a copy. I have been meaning to just have not had the time to read some reviews of it. Sides my copy of the original is woefully out of date.

Author: Sgt_B, Location: Chicago, IL USPosted: Wed Jun 25, 2003 3:40 amPost subject: ----Well, just checked my wallet, and it looks like I have $50+ dollars to spend. I'll be buying this book. Thanks for the great review, and hopefully this will give me a better understanding on network security (and a better chance to land a security job!)
Thanks ST!

Author: TaloneR, Posted: Wed Jun 25, 2003 10:14 amPost subject: ----i have the third edition and i love it. I guess the way ST have outlined it, it's the same style as 3rd one. I hope they have included some detailed exploit code and emphesized on VPN hacking. I was disappointed in VPN section and 802.11b section. otehr than that the book is a treasure of information and a must have. As for cd material.. i guess they have a list published somewhere with all tools and code included in the dvd as well as link to all the code and tools used in the books as well as addtional reference material.

Author: Bart Decker, Posted: Wed Jun 25, 2003 10:56 amPost subject: ----Would be bad for me to buy at the moment . Had a account block at my internet provider . Don't know if they got a mail from a certain company or that they are logging suspicious activity at their servers .

So probably i have to look out for a new isp ...

Author: tutaepaki, Location: New ZealandPosted: Thu Jun 26, 2003 12:37 amPost subject: ----This review inspired to to go out and buy HE 4 yesterday. I've had HE 2, (or maybe even 1) but lent it to some-one, and never saw it again

Have to say, so far I'm impressed, I enjoyed the one I had, and 4 is just as good. Seems to be one of the few security books which is easy to read, cover to cover.

There seems to be quite a bit of new and updated stuff from the one I had.

Author: Sgt_B, Location: Chicago, IL USPosted: Fri Jun 27, 2003 3:40 amPost subject: ----Any comments on the other books that HE4 mentions? Such as 'Hacking Windows 2000' or 'Hacking Web Applications'?
I'm looking at this from the standpoint of building my skills as a penetration tester.
Are those worth the effort?

Author: Eddy, Location: Edinburgh, UKPosted: Mon Jun 30, 2003 8:58 pmPost subject: ----I have both the 2nd edition of the master book (Hacking Exposed) and the second edition of the Linux book (Hacking Linux Exposed) and would highly recommend them to anyone who even thinks about setting up a network environment.
They contain much of the high level information that you need in order to properly secure a network, and have enough of a blackhat hint to them to keep them as an interesting read. Definitely a good overview of a lot of topics, but nobody should fall into the trap of thinking that this book is the beginning and end of computer infosec.

There is no substitute for a low level knowledge of the platforms you work with.

Author: bluwulf, Posted: Fri Sep 05, 2003 10:09 pmPost subject: ----By any chance is there a free version of this book or any like it ?

Actually I think it is worth you money. If you dont want to buy the book then I recomend you look at your local public Library. They usualy will loan out books for 2-3 weeks. That is what I do when I dont have the money for the book but I still want to read it.

There are many perfectly legal ways to get a free copy of the book, even if its just for a short amount of time. The writers spend a LOT of time writing, proof reading, verifying and getting the book printed. I really think that you need (read must) support the hard work and effort the author puts in.

Author: chris, Location: ~/security-forumsPosted: Sat Sep 06, 2003 12:21 amPost subject: ----We will shortly be offering this book at discounted rates as the publisher has kindly setup a special section dedicated to us

It will be cheaper than amazon and free p&p to most of europe

If you are considering buying this book or any of the 'hack notes' series please hold up as the discounts will be upto 25%

Author: squidly, Location: Umm.. I dont know.. somewherePosted: Sat Sep 06, 2003 12:39 amPost subject: ----That sounds very very cool.. I would love to be able to have a nice discount for good books!